General

  • Target

    80df2f0d4da5e61f4341c4d971170395_JaffaCakes118

  • Size

    3.9MB

  • Sample

    240529-qkk3jage43

  • MD5

    80df2f0d4da5e61f4341c4d971170395

  • SHA1

    4246048db2e697a05f8dc252e3cb60f7ce83832a

  • SHA256

    915738e4e4df8462f006d169a1cdebc3f311f7250b794281f78fa24d90586e4b

  • SHA512

    8a78824845d3b5f235028dd19107a6a9469f5f1bb4b18d7e41e54e6aff1d76157e0866c1cdb6d0d46029bca4307afc501a50f04d03926902ff96d8ca44acf069

  • SSDEEP

    98304:b2tpzpptdlPk/vq1FXRF7LOmt64dcn1mx71J/T+BXuBFBrEy:b8tdcq1FXRxZtcnAJ1REXsBIy

Malware Config

Targets

    • Target

      80df2f0d4da5e61f4341c4d971170395_JaffaCakes118

    • Size

      3.9MB

    • MD5

      80df2f0d4da5e61f4341c4d971170395

    • SHA1

      4246048db2e697a05f8dc252e3cb60f7ce83832a

    • SHA256

      915738e4e4df8462f006d169a1cdebc3f311f7250b794281f78fa24d90586e4b

    • SHA512

      8a78824845d3b5f235028dd19107a6a9469f5f1bb4b18d7e41e54e6aff1d76157e0866c1cdb6d0d46029bca4307afc501a50f04d03926902ff96d8ca44acf069

    • SSDEEP

      98304:b2tpzpptdlPk/vq1FXRF7LOmt64dcn1mx71J/T+BXuBFBrEy:b8tdcq1FXRxZtcnAJ1REXsBIy

    • RMS

Remote Manipulator System (RMS) is a commercial remote access tool developed by the Russian company TektonIT.

    • ACProtect 1.3x - 1.4x DLL software

Detects a file protected with ACProtect 1.3x-1.4x.

    • ASPack v2.12-2.42

Detects executables packed with ASPack v2.12-2.42.

    • Checks computer location settings

Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

Detects executables packed with the UPX open-source packer or a modified build of it.
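The packer signatures above (UPX, ASPack, ACProtect) key on the section table of the PE. The script below is an added example, not the sandbox's own signature logic and not code from the sample: it reads a PE section table with only the Python standard library, flags the UPX and ASPack section names, reports sections with high Shannon entropy as a generic packing hint, and computes the four hashes the report lists so an analyst can confirm the file on disk is the one in the report. The section-name sets, the 7.0 bits/byte entropy cut-off and the make_minimal_pe() test image are assumptions and constructed data; ACProtect is deliberately not fingerprinted here.

```python
"""Static packer triage for a PE sample. Added example, not the sandbox's
signature code. Standard library only; the PE image built by make_minimal_pe()
is constructed test data, not the sample from the report."""
import hashlib
import math
import struct

# Section names characteristic of the packers named in the report (assumed set).
PACKER_SECTION_NAMES = {
    "UPX": {"UPX0", "UPX1", "UPX2", ".UPX"},
    "ASPack": {".aspack", ".adata"},
}
ENTROPY_THRESHOLD = 7.0  # bits/byte; assumed cut-off, tune for your corpus


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes) -> list:
    """Return [(name, raw_offset, raw_size, entropy)] per section header.
    Raises ValueError if the image is not a well-formed PE."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                       # IMAGE_FILE_HEADER
    num_sections, = struct.unpack_from("<H", pe, coff + 2)
    opt_size, = struct.unpack_from("<H", pe, coff + 16)
    table = coff + 20 + opt_size              # section table follows optional header
    sections = []
    for i in range(num_sections):
        hdr = table + 40 * i
        name = pe[hdr:hdr + 8].rstrip(b"\0").decode("latin-1")
        raw_size, raw_ptr = struct.unpack_from("<II", pe, hdr + 16)
        body = pe[raw_ptr:raw_ptr + raw_size]
        sections.append((name, raw_ptr, raw_size, shannon_entropy(body)))
    return sections


def packer_verdict(pe: bytes) -> dict:
    """Packers implied by section names, plus sections that look packed by entropy."""
    sections = parse_sections(pe)
    names = {s[0] for s in sections}
    packers = sorted(p for p, sig in PACKER_SECTION_NAMES.items() if names & sig)
    high_entropy = [s[0] for s in sections if s[2] > 0 and s[3] >= ENTROPY_THRESHOLD]
    return {"packers": packers, "high_entropy_sections": high_entropy, "sections": sections}


def file_hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256/SHA512 hex digests, for matching against the report's values."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def make_minimal_pe(section_names, section_bodies) -> bytes:
    """Constructed test image: DOS header, PE signature, COFF header, no optional
    header, one section header per name. Parseable, not loadable."""
    e_lfanew = 0x40
    num = len(section_names)
    table_off = e_lfanew + 4 + 20
    data_ptr = table_off + 40 * num
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, num, 0, 0, 0, 0, 0x102)
    headers, bodies = b"", b""
    for name, body in zip(section_names, section_bodies):
        headers += name.encode().ljust(8, b"\0")
        headers += struct.pack("<IIIIIIHHI", len(body), 0x1000, len(body),
                               data_ptr, 0, 0, 0, 0, 0x60000020)
        bodies += body
        data_ptr += len(body)
    return dos + b"PE\0\0" + coff + headers + bodies


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else \
        make_minimal_pe(["UPX0", "UPX1"], [b"\0" * 64, bytes(range(256)) * 2])
    verdict = packer_verdict(data)
    print("hashes:", file_hashes(data))
    print("packers:", verdict["packers"], "high-entropy:", verdict["high_entropy_sections"])
```

Run it with the sample path as the first argument; with no argument it analyses the constructed UPX-style image. Section names are a cheap heuristic that renamed sections defeat, which is why the entropy column is reported alongside them.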
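The three behavioural signatures above (location check, dropped EXE executed, dropped DLL loaded) can be re-derived from a process trace. The following is an added example, not the sandbox's own rules and not the report's task data: it walks a simplified event list of the kind a sandbox or EDR emits, flags a registry read of the user's configured country, an execution of a file the sample wrote earlier, and a DLL load from such a file. The event schema, the registry-value set, the partial GEOID table and the sample trace are all constructed for the example.

```python
"""Behavioural re-check of three sandbox signatures over a process trace.
Added example; the event format and SAMPLE_EVENTS are constructed, not taken
from the report's task."""
from typing import Dict, List

# Registry values a geofencing check typically reads (assumed set, extend as
# needed). Geo\Nation holds a Windows GEOID, not an ISO country code.
GEO_VALUES = {
    r"hkcu\control panel\international\geo\nation",
    r"hkcu\control panel\international\localename",
    r"hklm\system\currentcontrolset\control\nls\language\installlanguage",
}
GEOID_NAMES = {203: "Russia", 244: "United States"}  # partial table, for display only

# Constructed trace: the sample reads Geo\Nation, drops an EXE and a DLL to
# Temp, runs the EXE, and the child loads the dropped DLL.
SAMPLE_EVENTS = [
    {"type": "process_create", "pid": 1000, "ppid": 400, "image": r"C:\Users\user\sample.exe"},
    {"type": "reg_query", "pid": 1000, "key": r"HKCU\Control Panel\International\Geo\Nation", "value": 203},
    {"type": "file_write", "pid": 1000, "path": r"C:\Users\user\AppData\Local\Temp\dropped.exe"},
    {"type": "file_write", "pid": 1000, "path": r"C:\Users\user\AppData\Local\Temp\helper.dll"},
    {"type": "process_create", "pid": 1100, "ppid": 1000, "image": r"C:\Users\user\AppData\Local\Temp\dropped.exe"},
    {"type": "image_load", "pid": 1100, "image": r"C:\Users\user\AppData\Local\Temp\helper.dll"},
    {"type": "image_load", "pid": 1100, "image": r"C:\Windows\System32\kernel32.dll"},
]


def detect(events: List[Dict]) -> Dict[str, List[str]]:
    """Return {signature: [evidence strings]} for the three behaviours.
    Event types: reg_query, file_write, process_create, image_load.
    Paths are compared case-insensitively; 'dropped' means written earlier
    in the same trace by any process."""
    hits = {"checks_location": [], "executes_dropped_exe": [], "loads_dropped_dll": []}
    written = set()
    for ev in events:
        kind = ev["type"]
        if kind == "reg_query" and ev["key"].lower() in GEO_VALUES:
            value = ev.get("value")
            country = GEOID_NAMES.get(value, "unknown")
            hits["checks_location"].append(
                f"pid {ev['pid']} read {ev['key']} -> {value} ({country})")
        elif kind == "file_write":
            written.add(ev["path"].lower())
        elif kind == "process_create" and ev["image"].lower() in written:
            hits["executes_dropped_exe"].append(
                f"pid {ev['ppid']} started dropped {ev['image']} as pid {ev['pid']}")
        elif kind == "image_load":
            image = ev["image"].lower()
            if image in written and image.endswith(".dll"):
                hits["loads_dropped_dll"].append(f"pid {ev['pid']} loaded dropped {ev['image']}")
    return hits


if __name__ == "__main__":
    for sig, evidence in detect(SAMPLE_EVENTS).items():
        print(sig, "->", evidence or "no hit")
```

The location check fires only on a read of the value, so a trace source that records writes but not reads (Sysmon's registry events, for instance) will not surface it; an API-level trace is needed.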

MITRE ATT&CK Enterprise v15

Tasks